Login Credentials Sent In Clear Text

Description

During the scan, Kayran found that login credentials are being sent in clear text.
This vulnerability occurs when a user’s credentials are transmitted unencrypted. The credentials must be transmitted via HTTPS to prevent malicious users from intercepting them.

Attackers could use a MITM (man-in-the-middle) attack to intercept and steal the credentials that are being sent in clear text. The software transmits sensitive or security-critical data in clear text in a communication channel that can be sniffed by unauthorized actors.

Recommendation

To prevent this vulnerability, make sure that the site transmits the credentials to the server over trusted and encrypted connections (HTTPS).

References

https://cwe.mitre.org/data/definitions/319.html
